Application No. 09/244,203 

Amendment After Allowance Dated June 3, 2004

Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the
application: 

Listing of Claims: 

1-18. (Previously cancelled) 

19. (Previously presented) A system for ciphering a packet in a data stream received 
by a communication device, said system comprising: 

a first communication port for receiving said data stream; 

a second communication port for transmitting a ciphered data stream 
associated with said data stream; 

a memory device having 

a memory buffer; 

a first access port connected to said memory buffer; and 

a second access port connected to said memory buffer; 

a data processing processor connected to said first communication port, 
said second communication port and said first access port via a first bus; 

and 

a ciphering processor connected to said second access port via a second 
bus, 

wherein said first access port and said second access port each provide access to said 
memory buffer; said data processing processor is adapted to receive said data stream 
from said first communication port through said first bus, to identify a start and an end of 
said packet, to store a file associated with said packet in said memory buffer through said 
first bus and to retrieve said ciphered data from said memory buffer through said first bus 
for transmission through said second communications port; said data processor further 
comprises a security module to determine a security context relating to at least one source 
of said data stream and a destination for said ciphered data stream, to store said security
context in said memory buffer for access by said ciphering processor and to retrieve a 
given security context from said memory buffer for use in generating said ciphered data 
stream; and said ciphering processor is adapted to retrieve said file from said memory 
buffer over said second bus to generate said ciphered data stream from said file, to 
generate integrity check information for said ciphered data stream using contents of said 
file and to provide said ciphered data stream to said memory buffer through said second 
bus. 

20. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 19, wherein said ciphering processor includes an encryption module for 
generating said ciphered data stream and a hashing module for generating said integrity 
check information. 

21. (Previously presented) The system for ciphering a packet in a data stream as
claimed in claim 19, wherein said ciphering processor includes an encryption module for 
generating said ciphered data stream and a module for generating said integrity check 
information. 



22. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 20, wherein said encryption module includes a DES encryption module 
for performing one of DES and triple-DES encryption. 

23. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 20, wherein said hashing module includes a HMAC hashing module for 
encoding said integrity check information within said ciphered data stream. 

24. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 19, wherein said memory buffer comprises dual port random access 
memory. 

27. (Previously presented) The system for ciphering a packet in a data stream as
claimed in claim 20, wherein said data processing processor comprises a security address 
module, said security address module stores an address associated with said security 
context in said memory buffer, said address based on said at least one of said source of 
said data stream and said destination for said ciphered data stream. 

28. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 27, wherein said security module provides an indication to said data 
processing processor when a security context is not present in said memory buffer. 

29. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 19, wherein said data processing processor operates asynchronously to 
said ciphering processor.

30. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 29, wherein said data processing processor is clocked by a first clock 
source, said ciphering processor is clocked by a second clock source and said first clock 
source is asynchronous to said second clock source. 

31. (Previously cancelled)

32. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 30, wherein said data stream received at said first communications port 
comprises fragments of a packet, said data processing processor stores said fragments in 
said memory buffer to assemble said packet and said ciphering processor generates said 
ciphered data stream from said assembled packet. 

33. (Previously presented) The system for ciphering a packet in a data stream as 
claimed in claim 32, wherein said system is disposed at a gateway between a private 
network and a public network in a secure virtual private network, said first 
communications port is connected to one of said private network and said public network 
and said second communications port is connected to another one of said private network
and said public network.

34. (Currently amended) A method for ciphering a packet in a data stream received 
by a communication device having a first communication port for receiving said data 
stream, a second communication port for transmitting a ciphered data stream associated 
with said data stream, a memory device including a memory buffer and a first and a 
second access ports connected to said memory buffer, said communication device further 
having a data processing processor connected to said first communication port, said 
second communication port and said access port via a first bus and a ciphering processor 
connected to said second access port via a second bus, said method comprising: 

receiving said data stream from said first communication port for processing by 
said data processing processor; 

identifying a start and an end of said packet by said data processing processor; 



storing a file associated with said packet in said memory buffer by said data 
processing processor through said first bus; 

retrieving said file from said memory buffer by said ciphering processor over said 
second bus; 

generating said ciphered data stream from said file by said ciphering processor; 

generating integrity check information for said ciphered data stream using 
contents of said file by said ciphering processor; 

providing said ciphered data stream to said second communication port; 

retrieving a security context from memory for use in generating said ciphered data 
stream; 

determining a security context relating to at least one of a source of said data 
stream and a destination for said ciphered data stream; and 

storing said security context in said memory buffer, said security context stored
being accessible by said ciphering processor. 

35. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 34, wherein said ciphered data stream is generated by an encryption 
module in said ciphering processor and said integrity check information is generated by a 
hashing module in said ciphering processor. 

36. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 35, wherein said ciphering processor includes an encryption module for 
generating said ciphered data stream and a module for generating said integrity check 
information. 

37. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 36, wherein said encryption module further performs one of DES and 
triple-DES encryption utilizing a DES encryption module. 

38. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 37, wherein said hashing module further encodes said integrity check 
information within said ciphered data stream utilizing a HMAC hashing module. 

39. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 38, wherein said memory buffer comprises dual port random access 
memory. 

40. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 39, wherein said data processing processor further stores an address 
associated with said security context in said memory buffer, said address based on said at 
least one of said source of said data stream and said destination for said ciphered data 
stream. 

41. (Previously presented) The method for ciphering a packet in a data stream as
claimed in claim 40, wherein said security module provides an indication to said data 
processing processor when a security context is not present in said memory buffer. 

42. (Previously presented) The method for ciphering a packet in a data stream as 
claimed in claim 41, wherein said data processing processor is clocked by a first clock 
source, said ciphering processor is clocked by a second clock source and said first clock 
source is asynchronous to said second clock source. 

43. (Previously presented) A system for ciphering a packet in a data stream received 
by a communication device, said system comprising: 

a first communication port for receiving said data stream; 

a second communication port for transmitting a ciphered data stream 
associated with said data stream; 

a memory device having 

a memory buffer; 

a first access port connected to said memory buffer, and 
a second access port connected to said memory buffer; 


a data processing processor connected to said first communication port, 
said second communication port and said first access port via a first bus, 
said data processor comprising a security module to determine a security 
context relating to at least one source of said data stream and a destination 
for said ciphered data stream, to store said security context in said memory 
buffer for access by said ciphering processor and to retrieve a given 
security context from said memory buffer for use in generating said 
ciphered data stream; 

and 

a ciphering processor connected to said second access port via a second 
bus, 

wherein said first access port and said second access port each provide access to said
memory buffer; and said ciphering processor provides said ciphered data stream to said 
memory buffer through said second bus. 